CVE-2018-6219
MEDIUMTrendmicro Email Encryption Gateway - Improper Certificate Validation
Title source: ruleDescription
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Core Security · textwebappsjsp
https://www.exploit-db.com/exploits/44166
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44166/
Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1119349
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
Scores
CVSS v3
6.5
EPSS
0.0143
EPSS Percentile
80.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-295
Status
published
Products (1)
trendmicro/email_encryption_gateway
5.5
Published
Mar 15, 2018
Tracked Since
Feb 18, 2026